Maintaining control while delegating trust: Integrity constraints in trust management

Sandro Etalle; William H. Winsborough

doi:10.1145/1609956.1609961

Maintaining control while delegating trust: Integrity constraints in trust management

Sandro Etalle, William H. Winsborough

Research output: Contribution to journal › Article › Academic › peer-review

2 Citations (Scopus)

Abstract

We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we address the fact that not all participants in a trust-management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.

Original language	Undefined
Article number	10.1145/1609956.1609961
Pages (from-to)	5:1-5:27
Journal	ACM transactions on information and system security (TISSEC)
Volume	13
Issue number	1
DOIs	https://doi.org/10.1145/1609956.1609961
Publication status	Published - 2009

Keywords

EWI-17131
SCS-Cybersecurity
distributed system security
IR-69534
Integrity
Trust Management
METIS-264303
Access Control

Access to Document

10.1145/1609956.1609961

http://eprints.eemcs.utwente.nl/secure2/17131/01/TISSEC-Etalle-Winsborough.pdf

Cite this

Etalle, S., & Winsborough, W. H. (2009). Maintaining control while delegating trust: Integrity constraints in trust management. ACM transactions on information and system security (TISSEC), 13(1), 5:1-5:27. [10.1145/1609956.1609961]. https://doi.org/10.1145/1609956.1609961

@article{2ea5bf73757d47da8de97eef4ebd112a,

title = "Maintaining control while delegating trust: Integrity constraints in trust management",

abstract = "We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we address the fact that not all participants in a trust-management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.",

keywords = "EWI-17131, SCS-Cybersecurity, distributed system security, IR-69534, Integrity, Trust Management, METIS-264303, Access Control",

author = "Sandro Etalle and Winsborough, {William H.}",

note = "10.1145/1609956.1609961",

year = "2009",

doi = "10.1145/1609956.1609961",

language = "Undefined",

volume = "13",

pages = "5:1--5:27",

journal = "ACM transactions on information and system security (TISSEC)",

issn = "1094-9224",

publisher = "Association for Computing Machinery (ACM)",

number = "1",

}

TY - JOUR

T1 - Maintaining control while delegating trust: Integrity constraints in trust management

AU - Etalle, Sandro

AU - Winsborough, William H.

N1 - 10.1145/1609956.1609961

PY - 2009

Y1 - 2009

N2 - We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we address the fact that not all participants in a trust-management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.

AB - We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we address the fact that not all participants in a trust-management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.

KW - EWI-17131

KW - SCS-Cybersecurity

KW - distributed system security

KW - IR-69534

KW - Integrity

KW - Trust Management

KW - METIS-264303

KW - Access Control

U2 - 10.1145/1609956.1609961

DO - 10.1145/1609956.1609961

M3 - Article

VL - 13

SP - 5:1-5:27

JO - ACM transactions on information and system security (TISSEC)

JF - ACM transactions on information and system security (TISSEC)

SN - 1094-9224

IS - 1

M1 - 10.1145/1609956.1609961

ER -